OpenMonero on Nostr: OpenMonero response to Woodser haveno dev (haveno rug pull scenario) > a malicious ...
OpenMonero response to Woodser haveno dev (haveno rug pull scenario)
> a malicious arbitrator could attempt to take offers, hoping to be assigned trades and then unfairly award funds to themselves. however this risk can be mitigated by:
> a sufficient number of arbitrators - the best way to mitigate this risk is to have a sufficient number of honest arbitrators, so a dishonest arbitrator is unlikely to be assigned a trade before being detected and banned. this creates an economic incentive for arbitrators to act honestly and earn trade fees rather than risk exclusion
I totally agree that individual arbiters need to act honestly so they don't get banned by the network operator. But honestly, that's not the main issue here. The real risk of a rug pull attack (or exit scam) doesn’t come from those individual arbiters, but from the network operator, whom we’ll call "Reto." Reto has the power to assign arbiter roles, which is where the problem lies.
The network operator is a single point of failure because he can create as many arbiter roles as he wants since he holds the admin key. Sure, Reto might give a few trusted individuals arbiter roles to make things look decentralized and transparent. But he could just as easily assign a bunch of roles to bots he controls. Plus, Reto would be in charge of all the taker bots, since anyone can jump in and be a taker. This setup lets Reto secure a two-thirds majority in any disputes that come up.
So, when it comes to pulling off an attack in this scenario, the odds are nearly 99.99% in favor of success. That’s because, when the attack happens, most of the arbiters and takers will likely be bots, all under Reto's control, making them the real weak link in the system.
> arbitrator selection by the maker - the maker can select an arbitrator from a trusted list rather than relying on random assignment (the current default)
The network operator is probably going to kick out all the human arbiters before they carry out the rug pull. This means the makers won’t have any choice but to use arbiter bots. Plus, the makers won’t really have a chance to dispute anything because a taker bot will just send a fake "I have paid" message even though they haven't actually paid. Then, that taker bot will start a dispute, leaning on the arbiter bot to back them up and go after the maker's funds unfairly.
In the end, the arbiter will take the 15% security deposit from the maker, while the taker bot walks away with the trading funds and its own 15% security deposit. The key thing to remember here is that both the taker and arbiter bots are under the control of the network operator, so all that money ends up in their hands, leaving the maker with nothing.
> trade limits per client - restricting the number of active trades or funds at risk per client further reduces potential damage from a dishonest arbitrator
If you try to limit how many active trades takers can have, it won’t really make a difference because anyone can be a taker. So, the network operator (or reto admin) could just set up as many taker bots as they need to get around those limits.
> in contrast, centralized exchanges like localmonero, lm, etc require full trust in the platform operators, because they take full custody of traded funds and can easily steal them at that time
I totally agree with you that most p2p platforms (like centralized exchanges) usually hold full custody of the funds since they require pre-funding for trades. But OpenMonero is different because it doesn’t need sellers to fully fund their trades upfront thanks to its self-custodial trade funding setup. The platform can’t access all of the liquidity at once unless every seller decided to post their bonds at the same time, which is statistically improbable.
It’s also worth mentioning that LocalMonero used to lack the self-custodial trade funding option, meaning that seller funds were always at risk while they waited for trade requests. Right now, OpenMonero can only tap into a maximum of 2% of the total liquidity at any given time, unless every seller posts their externally funded bond at the same time, which remains statistically improbable.
So, we can say that OpenMonero acts like a centralized exchange, but the liquidity is actually decentralized thanks to the self-custodial trade settlements for buyers and self-custodial trade funding for sellers. I suggest checking out the examples on simplifiedprivacy.com for more insights, especially if you’re looking into advanced examples.
> reputation can be easily faked, so does not provide any guarantee of trustworthiness in trade partners
No system is perfect, but it's fair to say that having a reputation system is definitely better than having no verification at all. It’s worth mentioning that faking a reputation system isn’t easy and it requires a lot of money and time. Sure, someone could try to create fake trades on OpenMonero, but the system can pick up on that pretty quickly (for ex, if someone makes 1000 trades in a short period, that would definitely raise some eyebrows)
Sellers/Buyers can also check users' Telegram handles through trusted sites like localmonero.co or confirm PGP keys from reliable sources, including LocalMonero and imported profiles.
Plus, you can’t do coin-locking on OpenMonero since sellers need to fund trades manually. It’s not an automated process like on networks like Haveno, which really helps to reduce the chances of exit scams. When it comes to offers on OpenMonero, they’re not fully funded right away. You only need 0.35 XMR to list an ad in the search results. This is mainly to fend off spam listings, but it can also help fund smaller trades. If a trade is bigger, sellers have the option to use an external, fully isolated wallet to fund the transaction and keep themselves safe from any potential scams right from the start.
> they can collect and store sensitive trade details across all traders
I don’t have an admin panel to keep track of trades or messages, and users can set up self-destructing messages right after a trade or completely delete their accounts. This kind of feature probably wouldn’t work in decentralized systems since all data is saved on multiple nodes. Also, the OpenMonero wallet creates a new address every time you make a deposit to help keep your privacy intact.
> they're more likely to be shut down due to legal compliance, and you're left to find a new service
My identity is kept private, and OpenMonero vendors don’t have to go through any KYC checks, which means we can totally work outside of regulations. This works because the platform isn't custodial, it's open-source, and you can access it via Tor hidden services and I2P. So, even if the clearnet domain gets taken down by the authorities, the exchange would still run smoothly. Anyone can self-host the frontend or even fork the code to make their own OpenMonero version. Plus, we’re working on a Nostr-based version that lets anyone become an escrow provider or self-host the frontend without needing any backend. This would make it super resistant to censorship. Check out the interview for more details!
> ultimately users should consider the trustworthiness of the haveno network they're using and its arbitrators, but these networks provide greater decentralization, privacy, and control of funds than centralized services, which are a single point of failure
Most of my vendors don’t really need to trust me because they don’t have to download any software or put down trading funds upfront to get trade requests (unlike Haveno). This really cuts down the chances of exit scams right from the start, and it keeps their personal files safe from malicious access. The OpenMonero web app runs smoothly in any browser and doesn’t connect to the user’s system, which is way different from Haveno that needs to be installed and has a daemon running all the time on your computer (definitely a recipe for keyloggers and shady auto updates). Plus, the built-in non-custodial wallet in Haveno isn’t very secure since malicious updates could come with keyloggers to snag your private keys. But with OpenMonero, vendors can fund their bonds using totally isolated wallets like Cake Wallet, Moneroju, Monero Wallet CLI, Feather Wallet, Trezor, and more.
The Haveno platform mainly looks out for the network operators, but it doesn’t really do much to protect market makers. This leaves them open to the risk of exit scams since the liquidity, the most important asset, is fully controlled by the network operator.
Also, let’s be clear: Haveno isn't truly decentralized. Accounts and order books don’t get shared between different Haveno instances, which creates a fragmented setup that’s kind of like a local network. The system would work a lot better if there was one big network where accounts and offers were merged from various instances instead of just having this isolated system run by a single operator. That’s not how decentralization should work.
When we talk about fund security, decentralization isn’t the most important factor. What really matters are things like how quickly trades get finalized, self-custodial trade settlements and self-custodial funding, along with a solid reputation system. Without a reputation system, there’s no trust between trading partners. Plus, if we don’t have self-custodial settlements or funding, the admin could easily run off with all the liquidity.
I’d love to keep the conversation going if you have any other points you want to bring up. I think Haveno does a pretty good job of protecting network operators, and I really appreciate that it’s open-source!
However I think OpenMonero is more safe (multi-sig vs self-custodial) and has 98% less risk of total liquidity being jeopardized at all times. The occurrence of exit scams is relatively low within this model.
Reference: https://archive.ph/GsDsn
Interview: https://simplifiedprivacy.com/openmonero-interview-with-the-dev/compared-to-reto.html
#Privacy #Markets #HiddenService #News #Work #Monero #Crypto #Hacking #HarmReduction #Guides #Bisq #cakewallet #haveno #retoswap #trading #p2p #escrow #localmonero #dex
> a malicious arbitrator could attempt to take offers, hoping to be assigned trades and then unfairly award funds to themselves. however this risk can be mitigated by:
> a sufficient number of arbitrators - the best way to mitigate this risk is to have a sufficient number of honest arbitrators, so a dishonest arbitrator is unlikely to be assigned a trade before being detected and banned. this creates an economic incentive for arbitrators to act honestly and earn trade fees rather than risk exclusion
I totally agree that individual arbiters need to act honestly so they don't get banned by the network operator. But honestly, that's not the main issue here. The real risk of a rug pull attack (or exit scam) doesn’t come from those individual arbiters, but from the network operator, whom we’ll call "Reto." Reto has the power to assign arbiter roles, which is where the problem lies.
The network operator is a single point of failure because he can create as many arbiter roles as he wants since he holds the admin key. Sure, Reto might give a few trusted individuals arbiter roles to make things look decentralized and transparent. But he could just as easily assign a bunch of roles to bots he controls. Plus, Reto would be in charge of all the taker bots, since anyone can jump in and be a taker. This setup lets Reto secure a two-thirds majority in any disputes that come up.
So, when it comes to pulling off an attack in this scenario, the odds are nearly 99.99% in favor of success. That’s because, when the attack happens, most of the arbiters and takers will likely be bots, all under Reto's control, making them the real weak link in the system.
> arbitrator selection by the maker - the maker can select an arbitrator from a trusted list rather than relying on random assignment (the current default)
The network operator is probably going to kick out all the human arbiters before they carry out the rug pull. This means the makers won’t have any choice but to use arbiter bots. Plus, the makers won’t really have a chance to dispute anything because a taker bot will just send a fake "I have paid" message even though they haven't actually paid. Then, that taker bot will start a dispute, leaning on the arbiter bot to back them up and go after the maker's funds unfairly.
In the end, the arbiter will take the 15% security deposit from the maker, while the taker bot walks away with the trading funds and its own 15% security deposit. The key thing to remember here is that both the taker and arbiter bots are under the control of the network operator, so all that money ends up in their hands, leaving the maker with nothing.
> trade limits per client - restricting the number of active trades or funds at risk per client further reduces potential damage from a dishonest arbitrator
If you try to limit how many active trades takers can have, it won’t really make a difference because anyone can be a taker. So, the network operator (or reto admin) could just set up as many taker bots as they need to get around those limits.
> in contrast, centralized exchanges like localmonero, lm, etc require full trust in the platform operators, because they take full custody of traded funds and can easily steal them at that time
I totally agree with you that most p2p platforms (like centralized exchanges) usually hold full custody of the funds since they require pre-funding for trades. But OpenMonero is different because it doesn’t need sellers to fully fund their trades upfront thanks to its self-custodial trade funding setup. The platform can’t access all of the liquidity at once unless every seller decided to post their bonds at the same time, which is statistically improbable.
It’s also worth mentioning that LocalMonero used to lack the self-custodial trade funding option, meaning that seller funds were always at risk while they waited for trade requests. Right now, OpenMonero can only tap into a maximum of 2% of the total liquidity at any given time, unless every seller posts their externally funded bond at the same time, which remains statistically improbable.
So, we can say that OpenMonero acts like a centralized exchange, but the liquidity is actually decentralized thanks to the self-custodial trade settlements for buyers and self-custodial trade funding for sellers. I suggest checking out the examples on simplifiedprivacy.com for more insights, especially if you’re looking into advanced examples.
> reputation can be easily faked, so does not provide any guarantee of trustworthiness in trade partners
No system is perfect, but it's fair to say that having a reputation system is definitely better than having no verification at all. It’s worth mentioning that faking a reputation system isn’t easy and it requires a lot of money and time. Sure, someone could try to create fake trades on OpenMonero, but the system can pick up on that pretty quickly (for ex, if someone makes 1000 trades in a short period, that would definitely raise some eyebrows)
Sellers/Buyers can also check users' Telegram handles through trusted sites like localmonero.co or confirm PGP keys from reliable sources, including LocalMonero and imported profiles.
Plus, you can’t do coin-locking on OpenMonero since sellers need to fund trades manually. It’s not an automated process like on networks like Haveno, which really helps to reduce the chances of exit scams. When it comes to offers on OpenMonero, they’re not fully funded right away. You only need 0.35 XMR to list an ad in the search results. This is mainly to fend off spam listings, but it can also help fund smaller trades. If a trade is bigger, sellers have the option to use an external, fully isolated wallet to fund the transaction and keep themselves safe from any potential scams right from the start.
> they can collect and store sensitive trade details across all traders
I don’t have an admin panel to keep track of trades or messages, and users can set up self-destructing messages right after a trade or completely delete their accounts. This kind of feature probably wouldn’t work in decentralized systems since all data is saved on multiple nodes. Also, the OpenMonero wallet creates a new address every time you make a deposit to help keep your privacy intact.
> they're more likely to be shut down due to legal compliance, and you're left to find a new service
My identity is kept private, and OpenMonero vendors don’t have to go through any KYC checks, which means we can totally work outside of regulations. This works because the platform isn't custodial, it's open-source, and you can access it via Tor hidden services and I2P. So, even if the clearnet domain gets taken down by the authorities, the exchange would still run smoothly. Anyone can self-host the frontend or even fork the code to make their own OpenMonero version. Plus, we’re working on a Nostr-based version that lets anyone become an escrow provider or self-host the frontend without needing any backend. This would make it super resistant to censorship. Check out the interview for more details!
> ultimately users should consider the trustworthiness of the haveno network they're using and its arbitrators, but these networks provide greater decentralization, privacy, and control of funds than centralized services, which are a single point of failure
Most of my vendors don’t really need to trust me because they don’t have to download any software or put down trading funds upfront to get trade requests (unlike Haveno). This really cuts down the chances of exit scams right from the start, and it keeps their personal files safe from malicious access. The OpenMonero web app runs smoothly in any browser and doesn’t connect to the user’s system, which is way different from Haveno that needs to be installed and has a daemon running all the time on your computer (definitely a recipe for keyloggers and shady auto updates). Plus, the built-in non-custodial wallet in Haveno isn’t very secure since malicious updates could come with keyloggers to snag your private keys. But with OpenMonero, vendors can fund their bonds using totally isolated wallets like Cake Wallet, Moneroju, Monero Wallet CLI, Feather Wallet, Trezor, and more.
The Haveno platform mainly looks out for the network operators, but it doesn’t really do much to protect market makers. This leaves them open to the risk of exit scams since the liquidity, the most important asset, is fully controlled by the network operator.
Also, let’s be clear: Haveno isn't truly decentralized. Accounts and order books don’t get shared between different Haveno instances, which creates a fragmented setup that’s kind of like a local network. The system would work a lot better if there was one big network where accounts and offers were merged from various instances instead of just having this isolated system run by a single operator. That’s not how decentralization should work.
When we talk about fund security, decentralization isn’t the most important factor. What really matters are things like how quickly trades get finalized, self-custodial trade settlements and self-custodial funding, along with a solid reputation system. Without a reputation system, there’s no trust between trading partners. Plus, if we don’t have self-custodial settlements or funding, the admin could easily run off with all the liquidity.
I’d love to keep the conversation going if you have any other points you want to bring up. I think Haveno does a pretty good job of protecting network operators, and I really appreciate that it’s open-source!
However I think OpenMonero is more safe (multi-sig vs self-custodial) and has 98% less risk of total liquidity being jeopardized at all times. The occurrence of exit scams is relatively low within this model.
Reference: https://archive.ph/GsDsn
Interview: https://simplifiedprivacy.com/openmonero-interview-with-the-dev/compared-to-reto.html
#Privacy #Markets #HiddenService #News #Work #Monero #Crypto #Hacking #HarmReduction #Guides #Bisq #cakewallet #haveno #retoswap #trading #p2p #escrow #localmonero #dex